Published Release Notes

All search data is encrypted

All search data in Pega Cloud deployments is now encrypted, both at rest and in transit. The encryption of search data makes search compliant with regulatory requirements.

For more information about search, see Full-text search.

Authentication service for basic credentials

A new type of authentication service is available for authenticating operators by using basic credentials (user ID and password). The default Pega Platform™ login is now an instance of this type of authentication service. All basic credentials authentication services include mobile authentication with the OAuth 2.0 protocol and Proof Key for Code Exchange (PKCE). You no longer have to create a custom authentication service to support mobile applications.

For more information, see Configuring a basic authentication service.

Identify Pega unit test cases associated with inactive or deleted rules

From the Application: Unit testing landing page, you can view a list of all Pega unit test cases that are associated with inactive or deleted rules in the currently included applications. You cannot use these test cases because they will always fail.

Either remove such test cases, or reactivate the rules that they are associated with.

For more information, see Application: Unit testing landing page.

Unauthenticated sessions transition seamlessly to authenticated

A new authentication service type allows a guest user to use an application without logging in, and to be prompted to authenticate later in the session. This enhancement supports scenarios such as online shopping portals where a user can browse for items and load a shopping cart as a guest but be prompted for credentials at checkout.

For more information, see Configuring an anonymous authentication service.

Create single sign-on authentication services from App Studio

You can create and enable single sign-on (SSO) authentication services from a new landing page in App Studio. From this new landing page you can also configure new SAML and OpenID Connect authentication services to provision users. For more information, see Creating a SAML SSO authentication service and Creating an OIDC SSO authentication service.

Protect against insecure deserialization

Deserialization is the process of rebuilding a data stream into a Java object. The Open Web Application Security Project (OWASP) has identified insecure deserialization as one of the top 10 security vulnerabilities for web applications. Pega Platform™ protects against this vulnerability by using filters that prevent deserialization of suspect data streams. You can configure these filters from the Deserialization Blacklist landing page.

For more information, see Configuring the deserialization filter.

Merged test-coverage report improves overview of application quality

You can now merge multiple application-level test coverage reports from built-on apps into a single report. This single test-coverage report provides an overview of your application's quality, and eliminates the need to manually collate data from multiple reports.

For more information, see Generating a merged coverage report.

Updates to creating and cleaning the test data for automated tests

Creating test data for automated tests is now easier and more customizable. During test case or suite creation, you can now create objects, load work and data objects, and add user pages from the clipboard. These objects and pages can be further configured and will be available in the clipboard when you run the test.

For test cases, you can now define a separate set of actions to perform after the tested rule is run, such as applying a data transform, loading a data page or object, or running an activity,

You can also prevent test data from being removed from the clipboard after a test is run so that subsequent tests can use the same test data.

For more information, see Setting up your test environment and Cleaning up your test environment.